OCS Hosting Service takes security, reliability, and privacy very seriously and thus utilizes several methods to keep your account safe in all our data centers and also by following security best practices that will helps protect your data and assets in the cloud.

Beyond providing a range of security services and features that customers can use to secure their assets, we also expect our customers to be responsible for their own security under what we call a "shared responsibility model".

Now, these below are by no means exhaustive as most of what we done on the area of security lies beyond the surface but these are the ones that could directly affect the way you interact with our system. And we want you to know your options and what to do to get the situation immediately resolved.

1. Two-Factor Authentication.

Frankly, it's easier than you think for someone to steal your password that you could possibly ever imagine because passwords are increasingly easy to compromise.

Any of these common actions could put you at risk of having your password stolen:

using the same password on more than one site

criminals infecting your computer with keystroke loggers

data harvesting via phishing websites

sharing or reusing passwords with other people

social engineering and attacks over your phone

downloading an app on software to your local system or mobile device

clicking on links in email messages from friends, families or those you don't know.

Two-factor authentication adds an additional layer of security by introducing a second step to your login.

It takes something you know (i.e.: your password), and adds a second factor, typically something you physically have (such as your phone).

Since both are required to log in, in the event an attacker obtains your password two-factor authentication would stop them for accessing your account.

But please, we beg you in the name of all that is holy, not to do that.

There are tons of great password managers that you could use to securely manage your password seven if you have a million of them and often come as stand-alone applications, web browser extensions, or a manager built into your operating system.

Most password managers can automatically create strong passwords using a cryptographically secure random password generator, as well as calculating the entropy of the generated password.

A good password manager will provide resistance against attacks such as key logging, clipboard logging and various other memory spying techniques.
Please see below for some good password generators you can use.

It is important to understand that while this is part of our overall security strategy, it is actually an outdated security model because it is a security model that was in theory assumed to mean that if a password has been compromised, requiring it to be changed regularly should limit the access time for the attacker.

In today's digital environment, "average" or "bad" passwords can be cracked in the cloud in mere seconds.

If your password is compromised it will almost certainly be in seconds, not months.

Moreover, a compromised password is likely to be used immediately by an attacker to install a back-door on your local system, often via privilege escalation and once this is accomplished, password changes won't prevent future attacker access.

And when the bad guy gets your password, they are not going to wait the required "90 days", they are going to leverage it right away.

And that's why it is essential to take into consideration or implement the other options we have listed on this page.

In all, you are as good as your overall security.

3. Password Strength

The internet was never designed to be used by those outside a circle of trust.

That it took the whole by storm and changed it also means that adequate security measures weren't put in place to accommodate its explosive growth.

Password authentication, a relic of the era that try to overcome these shortcomings is still very pervasive even though new technologies are cropping up to replace it.

But until such time, it remains the primary authenticating mechanism for most online systems.

OCS Hosting Service enforces a minimum password strength for your cPanel, Webmail, Plesk, Billing system and other portals that customers have access to.

With password strength enforcement, our system measures the effectiveness of your password against guessing or brute-force attacks.

In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to guess it correctly.

When you add a password, the strength is indicated by a password strength meter.

The strength of a password is a function of length, complexity, and unpredictability.

But please do remember that this measure or feature is not a reliable guide to how likely it is that your password will be cracked but designed to nudge you in the direction of creating better, stronger passwords in general.

We should repeat this: using strong passwords lowers overall risk of a security breach, but strong passwords do not replace the need for other effective security controls.

And even when you use these tools to either check your password strength or create a new passwords, do add additional symbols or letters or alphabets to the password you just checked if you intend to use it online just to be on the safe side.

After entering the CAPTCHA and password correctly, our system will remove you from the blocked list and if it notices that you consistently uses this IP address, it will automatically white-list it for you.

You can also ask us to white-list the IP if you have a static IP address.

However do note that i a case of repeated violation where you fail the password authentication multiple times, your IP address may be automatically & permanently banned for accessing our systems.

What to do when you get banned or having issues accessing your account(s):